salt

I've always used a proper per-entry salt string when hashing passwords for database storage. For my needs, storing the salt in the DB next to the hashed password has always worked fine. However, some people recommend that the salt be stored separately from the database. Their argument is that if the database is compromised, an attacker can still build a rainbow table taking a particular salt string into account in order to crack one account at a time. If this account has admin privileges, then he may not even need to crack any others. From a security perspective, is it worth it to store salts

Any salt at all will obviously help when salting and hashing a user's password. Are there any best practices for how long the salt should be? I'll be storing the salt in my user table, so I would like the best tradeoff between storage size and security. Is a random 10 character salt enough? Or do I need something longer? Most of these answers are a bit misguided and demonstrate a confusion between salts and cryptographic keys. The purpose of including salts is to modify the function used to hash each user's password so that each stored password hash will have to be attacked individually. The

This is my first trial for implementing a member site with salted passwords which are all stored in the DB (MySQL). Everything works except for the error in the 'login for members' page. The Error: Member login page accepts any entry to the membership site and for some reason passes my check for $result === false This is the code for checking if member exists, please let me know what the problem is: $servername = 'localhost'; $username = 'root'; $pwd = ''; $dbname = 'lp001'; $connect = new mysqli($servername,$username,$pwd,$dbname); if ($connect->connect_error){ die('connection failed, reason: